spring-attic / spring-security-saml

SAML extension for the Spring Security project

Apache HttpClient3.1 has a security vulnerability while using SAML2 authentication in Grails4 #507

Closed skocherla123 closed 3 years ago

skocherla123 commented 3 years ago

We are using org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE in Grails application for SAML2 authentication.

Issue found in opensaml2: commons-httpclient 3.1 is downloaded as a transitive dependency of openws, which Black Duck flags as a vulnerability with CVE-2014-3577.

According to our analysis, the above issue may be resolved in org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31, which uses opensaml3. As that is not a released version, we cannot use it now.

Could you please suggest a workaround?
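As an added illustration (not from the reporter or the project), this is how the transitive pull of commons-httpclient described above can be confirmed and, if a stopgap is accepted, excluded in a Grails 4 / Gradle build; the `build.gradle` fragment and the `dependencyInsight` invocation are assumptions about the reporter's build layout, and the exclusion must be validated because the library's HTTP metadata provider relies on that client.

```groovy
// build.gradle (assumed fragment, example only)
dependencies {
    // Show the chain that brings commons-httpclient 3.1 in:
    //   ./gradlew dependencyInsight --configuration runtimeClasspath \
    //       --dependency commons-httpclient
    // Expected path: spring-security-saml2-core -> opensaml -> openws -> commons-httpclient

    implementation('org.springframework.security.extensions:spring-security-saml2-core:1.0.10.RELEASE') {
        // Stopgap: drop the flagged artifact from the runtime classpath.
        // CAVEAT: HTTPMetadataProvider in this extension uses commons-httpclient, so
        // fetching IdP metadata over HTTP(S) will fail after this exclusion; only keep it
        // if metadata is loaded from the classpath or filesystem, and re-run the
        // SAML login flow in a test environment to confirm nothing else breaks.
        exclude group: 'commons-httpclient', module: 'commons-httpclient'
    }
}

configurations.all {
    // Fail the build if anything reintroduces the excluded artifact through another path,
    // so the scanner finding does not silently return.
    resolutionStrategy.eachDependency { details ->
        if (details.requested.group == 'commons-httpclient') {
            throw new GradleException("commons-httpclient pulled in via ${details.requested}")
        }
    }
}
```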

rwinch commented 3 years ago

You probably missed it, but the README mentions that support has moved to https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-saml2